Think the shopping season ends on December 25? Not even close. Retailers launch a whole new wave of promotions: after-holiday blowouts, New Year deals, clearance events, and anything else they can dream up to keep shoppers clicking. But while stores ramp up the marketing, cybercriminals ramp up their tricks — especially domain-jacking and typosquatting. And during this busy online shopping stretch, more people than ever are falling for them.
Domain-jacking and typosquatting happen when scammers register fake websites that look almost identical to popular retailers or banking sites. The goal? Dupe you into handing over your login credentials, payment information, or personal data — or infect your device with malware. Some of these copycat sites are so convincing that you won’t spot the difference unless you look very closely.
The trick is simple: they rely on typos or subtle substitutions. A misplaced letter, an extra character, or a swapped symbol can send you straight to a scam site. Think barnesandnobles.com instead of the real version that does not include the "s," or replacing a lowercase “l” with a number “1” in website names. These small changes are almost invisible at a glance. Cybercriminals especially love targeting online banking and checkout pages because the information you type there is pure gold on the dark web.
Before you shop or enter anything sensitive online, take a moment to double-check the URL. Avoid clicking links from emails, texts, social media ads, or pop-ups — even if they look legit. Type the site name into your browser yourself, but do it carefully. One wrong keystroke can send you to a malicious page capable of downloading malware instantly, a tactic known as a drive-by download.
Protect yourself by keeping all your devices — phones, tablets, laptops — equipped with updated antivirus and anti-malware software. It doesn’t matter the operating system; attackers don’t discriminate by operating system.
And remember: if something about a website feels off, stop. Don’t enter any personal or payment information until you’ve confirmed the site is legitimate. A few seconds of caution can save you from identity theft, account takeover, and a whole world of pain and frustration.
Don’t let attackers steal the joy from your post-holiday deals. Stay vigilant and shop smart all year-round.
SUBSCRIBE TO WEEKLY NEWSLETTER
